PrivescCheck: Privilege Escalation Enumeration Script for Windows

PrivescCheck

This script aims to identify Local Privilege Escalation (LPE) vulnerabilities that are usually due to Windows configuration issues, or bad practices. It can also gather useful information for some exploitation and post-exploitation tasks.

Check types

All the checks implemented in PrivescCheck have a Type. This value, and the flags specified on the command line, will determine if they are run, or not.

Checks of type Base will always be executed, unless the script is run as an administrator. They are mainly intended for identifying privilege escalation vulnerabilities, or other important issues.

Checks of type Extended can only be executed if the option -Extended is specified on the command line. They are mainly intended for providing additional information that could be useful for exploit development, or post-exploitation.

Checks of type Audit can only be executed if the option -Audit is specified on the command line. They are mainly intended for providing information that is relevant in the context of a configuration audit.

Checks of type Experimental can only be executed if the option -Experimental is specified on the command line. These are unstable checks that need further work. Use them with caution.

Download & Use

Copyright (c) 2023, Clément LABRO

Support Our Threat Intelligence

If you find our technology report and cybersecurity news helpful, consider supporting our work.

Buy Me a Coffee PayPal Crypto

USDT (TRC20):

TN8BdV8cp4T1Cd28gK9qTAnZknzzuwyUtm Copy

USDT (ERC20):

0x3725e1a7d3bc5765499fa6aaafe307fabcd75bce Copy